Buy it online: Buy USB2 Sniffer

• XC7A35T Artix 7 Series FPGA
• FT601 USB 3.0 w/ 5Gbps bandwidth
• 256MB DDR3 RAM
• 2 High Speed USB ULPI
• USB MUX for active/passive switching
• 2 RGB LEDs

• USB2 Sniffing
• USB2 MitM
• FaceDancer-like attacks
• High Speed USB IP design…

USB2Sniffer is a hardware-based sniffer. This is different than a software-only sniffer (For ex. Wireshark):

Software-only limitations:

• Capture is done at a higher level (URB)
• Depends on the host PC hardware USB controller
• Can only monitor USB traffic from/to the host PC

Hardware-based sniffer capabilities:

• Capture is done at the wire level (DP/DM).
• Ability to capture low level events such as: VBUS states, Speed negotiation Chirps, NAK or Incomplete transactions, PING, SPLIT, Start of Frames (SOF), errors, retransmissions, etc.
• Non intrusive: ULPI PHY are set to passive (non driving, no pull-up, no pull-down) mode and have no effect on the monitored USB bus.
• Accurate timings: each data byte or bus event is timestamped with a 60 MHz timestamp clock (16 ns precision)
• Capture between any host/device: a phone and its accessory, embedded systems, etc.

For USB sniffing, put the jumpers as follows to power the USB device from the USB host side:

We provide open source FPGA gateware and GUI software for USB2 Sniffing scenario.

Other use cases (USB MiTM, Facedancer like, etc.) are not supported by the current gateware/software.

To build the gateware follow instructions as explained in README here:

• https://github.com/lambdaconcept/usbsniffer

Short instructions:

git clone git@github.com:lambdaconcept/usbsniffer.git
cd usbsniffer
python usbsniffer.py
openocd -f openocd/openocd.cfg

Alternatively precompiled versions are available for download:

• https://github.com/lambdaconcept/usbsniffer/releases

mkdir -p build/gateware/
cp ~/Downloads/top.bin build/gateware/
openocd -f openocd/openocd.cfg

Refer to JTAG+Serial Programmer and OpenOCD sections for additional information regarding SPI flash programming

Qt5-based open source GUI software for USB2 sniffer.

• Real time USB2 capture. Data is streamed to the GUI
• USB transaction grouping in tree view
• Filtering incomplete / NAK transactions
• Hexdump / Ascii detailed packet view
• Full ULPI RxCmd dump
• User selectable capture speed: LS/FS/HS
• Capture file format compatible with ITI1480A device. See https://github.com/vpelletier/ITI1480A-linux/blob/master/iti1480a/parser.py#L124
• Portable Linux / Windows

For performance reason we wrote our own ft60x driver for Linux.

• https://github.com/lambdaconcept/ft60x_driver

In short:

git clone git@github.com:lambdaconcept/ft60x_driver.git
cd ft60x_driver
make
sudo insmod ft60x.ko

No driver required on Windows, FTDI D3XX library is provided with the software.

• https://github.com/lambdaconcept/usb2sniffer-qt

Or download precompiled versions:

• https://github.com/lambdaconcept/usb2sniffer-qt/releases